Conversation
Notices
-
@maiyannah @cwebber I also thought Mike made some good points about advisory privacy
-
@cwebber @maiyannah it means that posts contain privacy-related metadata which the receiver is then supposed to faithfully implement. Mike points out that this assumes that all actors will play nicely, but it's quite possible for the metadata to be ignored. He indicates that advisory privacy is possible in Hubzilla, but not the default and the admin needs to turn it on if they want it.
-
@cwebber @maiyannah it depends on who the adversary is, but with Hubzilla's "privacy groups" I think it's done with public key crypto and the keys kept on the server (perhaps salted with the instance ID). The admin will still be able to read whatever, but it should avoid user A accidentally being able to read something from user B which was unintended.
-
@cwebber @maiyannah transport security doesn't really prevent the situation where a post from privacy group A somehow accidentally (or otherwise) finds its way into a different group.
-
@maiyannah *GNU/TLS
-
@maiyannah @cwebber like you say, this might be just about changing the language from "privacy" to "message scope" or similar. To actually have privacy you need some kind of message or message group security in place.
-
@cwebber @maiyannah yes that's right. There can be (and have been) bugs, federation issues and so on which have meant that messages ended up in unexpected places. In the Hubzilla case the admin is the captain of the ship and isn't the threat model as such.
-
@cwebber @maiyannah another way to think about this is suppose that you're sending GPG encrypted mail around and via some MTA snafu a message gets delivered to the wrong inbox. In that case message privacy is still maintained.
-
@cwebber @dredmorbius @maiyannah it would make a lot of sense if you think about the ergonomics of using a phone. I've tried using NFC YubiKeys with phones before, and the user experience completely sucks.